d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b | Triage

Submit
Reports

Overview

overview

Static

static

8

d00dd5a740...0b.exe

windows7_x64

d00dd5a740...0b.exe

windows10_x64

7

Sharing

General

Target

d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b.exe
Size

895KB
Sample

210304-e2b1szchk6
MD5

46c0218988f77018ce5572b99efbe24f
SHA1

5ffec1cdd67f5eafea89b50dcce94f6d0faf582c
SHA256

d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b
SHA512

f969cfe04fc89c9c15797bf813f47ca0bdf3d79e593d7b5d4a0f7a08f33b15e3b674ffab8c87485b53e16b5d8b88092aedc0a6c4670e2f1836a46e07c5f06cb0

Score

10^/10

evasion persistence spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b.exe

Resource

win7v20201028

evasion persistence spyware trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b.exe
- Size
  
  895KB
- MD5
  
  46c0218988f77018ce5572b99efbe24f
- SHA1
  
  5ffec1cdd67f5eafea89b50dcce94f6d0faf582c
- SHA256
  
  d00dd5a7408f5d0e558065a0f26e34392d3ec7220d1043fc7c6c7332a8ff7e0b
- SHA512
  
  f969cfe04fc89c9c15797bf813f47ca0bdf3d79e593d7b5d4a0f7a08f33b15e3b674ffab8c87485b53e16b5d8b88092aedc0a6c4670e2f1836a46e07c5f06cb0
Score

10^/10

evasion persistence spyware trojan upx
- Modifies system executable filetype association
  persistence
- UAC bypass
  evasion trojan
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespywaretrojanupx

behavioral2

© 2018-2024

Terms | Privacy